Config drift for the PowerShell noob - AD Edition

Well, maybe not just for noobs ;)

One of the most common scenarios we get questions about is managing configuration drift in enterprise-scale environments, especially given the high rate of change in the cloud-connected world. Generally speaking, desired configuration management hasn't been as prevalent in the identity space - most have treated DCs as special; we've built walled gardens around them, assembled an honor guard (what? your company doesn't call the Ops team by a similar name? :) ) and protected them from the evildoers in the Windows, System Center and Backup teams - to name a few. By only allowing those we trust - EAs and DAs - to have access, we've wandered along blissfully thinking that our environments haven't drifted from their expected configuration / state.

Yeah.. we were wrong.  Very, very wrong.

Fortunately we've had an answer to many of these challenges just waiting for us to leverage it - PowerShell DSC. Over the next few weeks I'll be posting some content specific to leveraging DSC in conjunction with other tools to monitor for and remediate drift in AD-specific scenarios.

In the meantime, we have some exceptional content out there to get you started with DSC.. might I recommend:

Dan Cuomo's excellent post on AskPFEPlat:


As always, you'll find great content on Ashley McGlone's blog: (and you can catch the occasional pic of that stellar goatee of his)